Vulnerability Description
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Miineport E1 Firmware | <= 1.7 |
| Moxa | Miineport E2 Firmware | <= 1.3 |
| Moxa | Miineport E3 Firmware | <= 1.0 |
| Moxa | Miineport E1 | - |
| Moxa | Miineport E2 | - |
| Moxa | Miineport E3 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94783Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/94783Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-9344?
CVE-2016-9344 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able t...
How severe is CVE-2016-9344?
CVE-2016-9344 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9344?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Miineport E1 Firmware, Moxa Miineport E2 Firmware, Moxa Miineport E3 Firmware, Moxa Miineport E1, Moxa Miineport E2.